Manage your WServerNews profileWServerNews privacy policy
WServerNews (formerly W2Knews)
Vol. 11, #28 - Jul 10, 2006 - Issue #584
Why Upgrading To Longhorn Is A Really Good Idea

  1. EDITORS CORNER
    • The Depressing State Of Computer Security
    • A Day In The Life Of Sunbelt...
    • Quote of the Week
  2. ADMIN TOOLBOX
    • Admin Tools We Think You Shouldn't Be Without
  3. TECH BRIEFING
    • Agnitum Analyzes Microsoft OneCare
    • Step-by-Step Guide: Running IE On A Virtual Machine
    • Terminal Services Tip: Issues Dealing With Remote Desktop
    • Step-by-Step Guide: Exchange Server Capacity Planning With Performance Monitor
    • Virtualization On Multi-core And Multi-processor Systems
    • Licensing VMs: Industry Tackles Tough Questions
    • Setting Up Workstations With Remote Installation Services
  4. WINDOWS SERVER NEWS
    • Why Upgrading To Longhorn Is A Really Good Idea
    • Microsoft Time Travel
    • Microsoft To Integrate OpenDocument for Office
    • Intel Invests $600 Mil in WiMAX Provider
    • Microsoft To Post 7 Security Bulletins Next Week
  5. WINDOWS SERVER THIRD PARTY NEWS
    • Run SBS And Need Affordable Antivirus For Exchange?
    • Kerio Firewall Wins ComputerShopper 'Best Budget Buy'
    • Shavlik Plugs Gap Left By Discontinued MBSA
  6. WServerNews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  7. WServerNews - PRODUCT OF THE WEEK
    • Your Desktop On Your Keychain
Switch From Your Old Exchange AV To Sunbelt Messaging Ninja Why Switch From Your Old Exchange AV To Sunbelt Messaging Ninja?

  • Dual industrial-strength AV engines for your Exchange server
  • Powerful, third-generation, all-in-one messaging security
    with a central management console and optimized performance
  • Significantly lower total cost of ownership
  • Highly Responsive 24/7 US-based Technical Support
  • A state-of-the-art Attachment Filter for FREE
Click now to get started today with Ninja's SMART attachment filter!
http://www.wservernews.com/060710-Ninja

EDITORS CORNER

The Depressing State Of Computer Security

Perhaps you know Roger Grimes. He's an InfoWorld Test Center Contributing Editor, Writes for WinITPro Mag, and is a Foundstone Ultimate Hacking instructor/consultant teaching Windows, Linux, Unix, and Solaris security.

His column this week was as depressing as it was interesting. He puts all his 10 fingers smack in the middle of many sore spots. It was revealing and entertaining to read his admittedly gloomy perspective on security, but he did say that next week's column will point to some solutions. In the mean time, read this and get yourself trained as an IT security specialist. There will be a lot of work for years to come ! [grin]
http://www.wservernews.com/060710-Grimes


A Day In The Life Of Sunbelt...

Last Wednesday, we had an electrical arc on a power pole close to our building, causing extreme fluctuations and taking our power down. The AC was off, and it was a wee bit warm in here. But thanks to generators, most of us were still working. Here are the pics:
http://www.wservernews.com/060710-Electrical


Quote of the Week

Two Quotes of the Week, both by Benjamin Franklin:
"There is no such thing as a good war and there is no such thing as a bad peace."
"He that would live in peace and at ease must not speak all he knows or all he sees."

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]


ADMIN TOOLBOX

Admin Tools We Think You Shouldn't Be Without

Freeware for Microsoft AD & ADAM. Web Employee Directory + Self Service from Namescape.
http://www.wservernews.com/060710-NameScape

Another storage tool that does essentially the same thing as DiskView, only for free. It's called WinDirStat - check it out at:
http://www.wservernews.com/060710-WinDirStat

Fyodor has polled his nmap mailing list for their 100 fave security tools. Here is the list, it's multi-platform, not just Windows:
http://www.wservernews.com/060710-Fyodor

The StartupRun utility displays the list of all applications that are loaded automatically when Windows boots.
http://www.wservernews.com/060710-StartUpRun

Need a military-strength multi-platform vulnerability scanner with a large database of prioritized vulnerabilities and priced per admin?
http://www.wservernews.com/060710-SNSI


TECH BRIEFING

Agnitum Analyzes Microsoft OneCare

Alex's blog featured this item. It gives you a first look at Redmond's consumer OneCare product. He starts off like this: "Agnitum, a company which makes an outstanding competitor to my Kerio firewall, has analyzed the OneCare firewall and concluded the following:

Although the program is very intuitive, nice to look at, and easy to use - which is good for the program's target audience of inexperienced users - its functionality is a big let-down and does not serve that inexperienced user audience well. It reminds us of those a colorful and feature-rich Graphical User Interfaces (GUI) with nothing behind them that you sometimes see at exhibitions, because the vendors couldn't't finish the whole program in time. Microsoft OneCare needs a serious overhaul before it can be considered anything more than just a fancy interface with no real security under the hood. More:
http://www.wservernews.com/060710-OneCare


Step-by-Step Guide: Running IE On A Virtual Machine

Over the last several years, it has been open season against Internet Explorer (IE). The Web is littered with malicious Web pages. These pages can install browser hijackers, keystroke loggers, viruses, adware, or just about anything else that you can think of on IE. One possible solution to the problem is to run Internet Explorer inside of a virtual machine. Learn more in this guide at SearchWindowsSecurity:
http://www.wservernews.com/060710-Virtual_IE


Terminal Services Tip: Issues Dealing With Remote Desktop

Access a collection of Christa Anderson's expert responses to reader questions regarding Remote Desktop at SearchWinIT.com:
http://www.wservernews.com/060710-Remote_Desktop


Step-by-Step Guide: Exchange Server Capacity Planning With Performance Monitor

Long-term capacity planning requires you to take a few minutes out of your day once a week to crunch a few numbers. But the results are priceless, because they allow you to see the big picture of how your Exchange servers are consuming resources. In this guide, learn how to use the Performance Monitor tool for Exchange Server long-term capacity planning and trend analysis, and how to analyze the results to forecast the potential for future growth-related performance issues and outages. At SearchExchange:
http://www.wservernews.com/060710-Exchange_Capacity


Virtualization On Multi-core And Multi-processor Systems

The more CPUs you have available in a computer that runs virtualized machines, the more processing power you can share among the virtual computers. But the presence of multi-core CPUs complicates the picture a little bit. This article offers some guidelines for using virtualization with multi-core systems at SeachServerVirtualization:
http://www.wservernews.com/060710-Virtualization


Licensing VMs: Industry Tackles Tough Questions

How to license virtual machines is still a big question. Industry vendors and analysts are trying to answer it quickly to cut IT costs. Interesting article from a budget perspective:
http://www.wservernews.com/060710-VM_Licensing


Setting Up Workstations With Remote Installation Services

In larger companies, there are two popular options for streamlining the task of manually setting up workstations: disk imaging and MS's Remote Installation Services (RIS). This could save you a lot of time:
http://www.wservernews.com/060710-RIS


WINDOWS SERVER NEWS

Why Upgrading To Longhorn Is A Really Good Idea

Over the long 4th of July weekend, except for celebrating my birthday, I had some time to look at Longhorn and came to the conclusion that it will be a real bonus for any system admin to migrate up as soon as you possibly can. Just like upgrading from W2K to W2K3 was fairly smooth and popular, I think you are going to want to move to Longhorn just as fast when you understand all the pros. Redmond has really listened and this new version is awesome.

I expect the beast to be called Windows Server 2007, so that means I'm going to abbreviate to W2K7 after it arrives. Longhorn rolls up a tremendous amount of features, which mainly focus on consolidating and simplifying your admin and deployment. Longhorn beta 2 comes in both 32- and 64-bit editions, supports quad-core CPUs from both Intel and AMD, and also comes as "Longhorn Server Core Edition". This puppy is stripped down and Redmond's 'headless' answer to Linux. You can create a nice simple server with it, for stuff like DNS, DHCP or file/print, easily integrated with your centralized management.

The beast also comes with a mini-AD just for apps, which I hope will allow us to get completely rid of INI files and registry troubles. More over, AD will be restartable without having to reboot. Yessss. Another thing I like a lot is the fact that Terminal Services are now able to run a remotely hosted app, without first installing it, in a window that for your end-user looks exactly the same as a local app, wOOt!!

Longhorn also talks to its clients with the use of both cached and transactional technology. This makes its reliance on the network a bit less which is always welcome, despite current networks' higher reliability. A good example is Longhorn's Transactional File System which allows you to implement 'roll back' features to certain apps.

The new Longhorn deployment services do away with the need for ghosted images. Goodbye Norton Ghost. You can take either a client or a server and boot these puppies straight from the network, plus configure them and load them from your own desk. Awesome. More over, Redmond finally stuck all the system admin and monitoring tools where they should have been to begin with, in the MMC.

Longhorn also comes with NAP. This is a quite useful technology that allows you to set security policies about network access. Systems that do not comply are not allowed to join your network. Think stuff like updated patches, antivirus activated, correct service packs and the like. NAP can stick non compliant users in quarantine with limited network access. I like! Microsoft is not going to have to promote hard for adoption like they had to with Exchange V5.5. You are going to want this puppy right away.

I know that a lot of you are not going to be running to upgrade all your workstations to Vista. But after you have done so, in a few years, there is one feature that is very useful: Vista Group Policy. Longhorn Server will have about 2,500 registry settings. Compare that to Windows NT 4.0 with only 79 settings (!) Group Policy is being beefed up, more granular and it will help you tame the monster and serve up completely new capabilities to users.

Security has been beefed up at all corners. It starts with the initial deployment lockdown, continues through the 'server role' steps, and now uses Unix-like user management that can dictate permissions for a large amount of user functions using the Group Policy Manager with the User Account Control at the Vista side.

The Group Policy Management Console (GPMC) tool will be natively included in in Vista and Longhorn Server, and will have an improved ADM syntax, now called ADMX, an XML-based format for creating custom ADM files. Smaller and faster. Also recommended.

But wait, there's more! Redmond has redesigned the TCP/IP stack from the ground up, and it now includes support for IPv6 and lots of APIs for smarter network packet management that may lead to later 'quality of service' capabilities. Things like protecting high-def voice and video packets are becoming possible.

Last but not least, the BitLocker drive encryption allows you to lock a disk drive to the system board in a computer. That prevents a disk from being mounted in another system to steal the data, but also prevents access to the data without proper credentials. And that will make it a lot more difficult booting the drive via another OS or by the use of a Windows hacking tool. Longhorn is a slam-dunk, must-have upgrade for any one of you.

Microsoft Time Travel

Tony Gore in the UK sent me this Thursday July 6, 2006. "Just checked my WSUS (on SBS) today to see if there are any patches needed - although Microsoft normally release only on "Patch Tuesday" once per month, recently they have taken to releasing all the time. The June patch for Exchange was re-released i.e. updated two or three times last month - so many times I lost count.

"Today WSUS shows Office XP SP3 ready for download on 11/7/2006 (11 Jul 2006 - sorry I am in the UK and our dates are listed differently) and what is more, it has started downloading along with some other patches - looks to be around the 400M size.

"I haven't seen any announcement of it yet, and if it is not yet reached its release date, why should it download? Does WSUS download earlier than this, but not install until the release date? I can see some advantage in this when a patch is large - allowing it to be downloaded before the update server gets swamped from requests from non-corporate users." Tony, we did some research, and here is the Microsoft release page:
http://www.wservernews.com/060710-MS05-035


Microsoft To Integrate OpenDocument for Office

Acknowledging the OpenDocument Format's (ODF) increased pressure, Redmond announced today that it will support an open-source project to create plug-ins allowing Office users to open and save files in ODF. Like a lot of open source apps, the code will be hosted on the Sourceforge.net site. Tom Robertson, general manager for standards and interoperability for Microsoft said that the goal is a free plug-in that allows Office to natively save files in ODF, and 2-way convert files in Office 2007's OpenXML format to ODF. Expect the Word plug-in by December, and similar plug-ins for Excel and PowerPoint later next year. Here is the MS-announcement:
http://www.wservernews.com/060710-OpenDocument


Intel Invests $600 Mil in WiMAX Provider

Here's one of my 2004 Crystal Ball predictions coming true! Intel is investing $600 million in WiMAX pioneer Clearwire Corp. It is part of a $900 million investment that will likely make adoption of WiMAX a "fait accompli". Motorola said it will also contribute part of the extra $300 million going to Clearwire.

Clearwire is selling wireless Internet access in 26 metro markets in the U.S., Ireland, Belgium, Denmark and Mexico. Their service is still based on a precursor to WiMAX but they said they will convert to WiMAX, which delivers service at ranges of one to 10 miles, compared with around 150 feet for Wi-Fi. For the prediction:
http://www.wservernews.com/060710-Prediction


Microsoft To Post 7 Security Bulletins Next Week

Microsoft will post seven security bulletins next Tuesday, including four bulletins for Windows and three bulletins for Microsoft Office, the company said Thursday. At least one Windows bulletin and one Office bulletin will address a critical security issue.

WINDOWS SERVER THIRD PARTY NEWS

Run SBS And Need Affordable Antivirus For Exchange?

There are LOTs of you out there that run Small Business Server (SBS) with 5, or 10 mailboxes. Consultants set these SBS systems up all the time. Doctors, small law offices, Dentists, you name it. But then the costs come in. Compared to the big AV boys, the Sunbelt Messaging Ninja prices are a no-brainer.

Ninja however, can be purchased online with immediate delivery of 30 day full-function code and (after a fraud check) permanent keys sent same- or next business day. This is an awesome solution for SBS. Ninja now runs on over 1,600 production servers! Ninja with your subscription for anti-spam and anti-virus (1 year each) and free powerful attachment- filtering for 10 mailboxes is only 299 bucks. Here is the link to the cart, and you can change the amount of mailboxes and recalculate to see how much it would cost for your own small office.
http://www.wservernews.com/060710-Ninja_SBS


Kerio Firewall Wins ComputerShopper 'Best Budget Buy'

The review starts off with: "Kerio Personal Firewall was recently bought by Sunbelt, which promptly halved the price. We haven't reviewed this standalone firewall before, so we were intrigued to see how it would stand up to the established competition. It turns out that this is a seriously good personal firewall for the money. Not only does it make a decent effort of deflecting unwanted traffic, it does so without scaring the user. When it detects an incoming port scan, for example, it doesn't pop up useless alerts. Instead it registers the attack on a counter so you can see how many hackers have included you in their random scanning. For the full review, check this link:
http://www.wservernews.com/060710-Kerio_Review

Get the Kerio firewall here:
http://www.wservernews.com/060710-Kerio


Shavlik Plugs Gap Left By Discontinued MBSA

Shavlik Technologies on Wednesday released a trio of tools to fill the gaps that will be left when Microsoft drops support later this year for its older security scanning tools. NetworkWorld has the story:
http://www.wservernews.com/060710-MBSA


WServerNews 'FAVE' LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff.



WServerNews - PRODUCT OF THE WEEK

Your Desktop On Your Keychain

No, you cannot get this yet from Microsoft, but I think this is a cool concept. Here is the Microsoft Research site where they explain how it would work. I think I read something about a third party company doing something like this already. Let me know if you have seen it somewhere? I'll write about it in the next issue!
http://www.wservernews.com/060710-Keychain_Desktop